Re: [Qemu-devel] [PATCH 08/10] scsi: build qemu-pr-helper

2017-08-24 Thread Eric Blake
On 08/22/2017 08:18 AM, Paolo Bonzini wrote:
> Introduce a privileged helper to run persistent reservation commands.
> This lets virtual machines send persistent reservations without using
> CAP_SYS_RAWIO or out-of-tree patches. The helper uses Unix permissions
> and SCM_RIGHTS to restrict access

Re: [Qemu-devel] [PATCH 08/10] scsi: build qemu-pr-helper

2017-08-22 Thread Paolo Bonzini
On 22/08/2017 16:34, Marc-André Lureau wrote:
> Could this be handled by udisk? It seems at first the problem is not
> specific to qemu.

Yes, possibly. In practice, everybody else who uses persistent reservations seems to run as root. :)

>> +static void usage(const char *name) >> +{ >> +(pri

Re: [Qemu-devel] [PATCH 08/10] scsi: build qemu-pr-helper

2017-08-22 Thread Marc-André Lureau
Hi

On Tue, Aug 22, 2017 at 3:18 PM, Paolo Bonzini wrote:
> Introduce a privileged helper to run persistent reservation commands.
> This lets virtual machines send persistent reservations without using
> CAP_SYS_RAWIO or out-of-tree patches. The helper uses Unix permissions
> and SCM_RIGHTS to re

[Qemu-devel] [PATCH 08/10] scsi: build qemu-pr-helper

2017-08-22 Thread Paolo Bonzini
Introduce a privileged helper to run persistent reservation commands. This lets virtual machines send persistent reservations without using CAP_SYS_RAWIO or out-of-tree patches. The helper uses Unix permissions and SCM_RIGHTS to restrict access to processes that can access its socket and prove tha